CVE-2016-6102
low
CVSS v3: 3.7
CVSS v2: 4.3
VIR risk: 3.7
Description
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
Predictions
Exploit likelihood: 47%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22000359
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | security_key_lifecycle_manager | 2.5.0 | |
| ibm | security_key_lifecycle_manager | 2.5.0.0 | |
| ibm | security_key_lifecycle_manager | 2.5.0.1 | |
| ibm | security_key_lifecycle_manager | 2.5.0.2 | |
| ibm | security_key_lifecycle_manager | 2.5.0.3 | |
| ibm | security_key_lifecycle_manager | 2.5.0.4 | |
| ibm | security_key_lifecycle_manager | 2.5.0.5 | |
| ibm | security_key_lifecycle_manager | 2.5.0.6 | |
| ibm | security_key_lifecycle_manager | 2.5.0.7 | |
| ibm | security_key_lifecycle_manager | 2.6.0 | |
| ibm | security_key_lifecycle_manager | 2.6.0.1 | |
| ibm | security_key_lifecycle_manager | 2.6.0.2 | |
References
CWEs
CWE-200